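<?php
// Article page request handler.
//
// Loads the article named by ?id= together with its author's name, then applies
// whichever POST action was submitted (save, accept, delete, add comment, delete
// comment) and prints a one-line status message for it.
//
// Security notes:
//  - Every request value that reaches SQL is validated as an integer or passed
//    through mysql_real_escape_string(); nothing from $_GET/$_POST/$_SESSION is
//    concatenated into a query as-is.
//  - Each action re-checks, on the server, the condition the form uses to decide
//    whether its button is shown. Hiding a button is not an authorization check:
//    a POST can carry any field name.
//  - Database errors go to the server log; the visitor gets a generic message,
//    so table and column names are not disclosed.
//  - NOTE(review): the form has no anti-CSRF token, so these state-changing POSTs
//    can be triggered cross-site for a logged-in user. Needs a per-session token
//    in the form and a check here.
//  - NOTE(review): ext/mysql was deprecated in PHP 5.5 and removed in PHP 7.0.
//    The connection is opened outside this file, so the API is kept here; the
//    durable fix is mysqli/PDO with prepared statements.
//  - NOTE(review): mysql_real_escape_string() depends on the connection charset
//    having been set with mysql_set_charset() — confirm where the link is opened.

// Reject a missing, non-scalar or non-integer id before it gets near a query.
$article_id = isset($_GET['id']) ? filter_var($_GET['id'], FILTER_VALIDATE_INT) : false;
if ($article_id === false) {
    header("Location: ./");
    exit();
}

$user_result = mysql_query("SELECT articles.id, articles.header, articles.text, users.name, articles.accepted, articles.deleted FROM articles, users WHERE articles.id=" . $article_id . " AND articles.user=users.id;");
if ($user_result === false) {
    error_log('article page: article lookup failed: ' . mysql_error());
    die('Ошибка базы данных');
}
$row = mysql_fetch_array($user_result);
if (!$row) {
    // No such article: treat it like a missing id instead of running the
    // actions below against an empty row.
    header("Location: ./");
    exit();
}

// Values taken from the database row and the session, normalised once.
$row_id       = (int) $row['id'];
$cur_user     = isset($_SESSION['cur_user']) ? $_SESSION['cur_user'] : null;
$cur_role     = isset($_SESSION['user_privileg_role']) ? (int) $_SESSION['user_privileg_role'] : 0;
$is_owner     = $cur_user !== null && $row['name'] === $cur_user;
$is_moderator = $cur_role >= 10;

$echod_text = '';

// Save: only the author, and only while the article is neither deleted nor
// accepted (the same condition under which the form shows the button).
if (!empty($_POST['mySubmit']) && $is_owner && $row['deleted'] == 0 && $row['accepted'] == 0) {
    $header_input = (isset($_POST['article_header_input']) && is_string($_POST['article_header_input'])) ? $_POST['article_header_input'] : '';
    $text_input   = (isset($_POST['article_text_input']) && is_string($_POST['article_text_input'])) ? $_POST['article_text_input'] : '';

    if (!$header_input) {
        $article_header_input_err = 'Обязательное поле для заполнения';
    }
    if (!$text_input) {
        $article_text_input_err = 'Обязательное поле для заполнения';
    }
    if ($header_input && $text_input) {
        $user_result2 = mysql_query("UPDATE articles SET header='" . mysql_real_escape_string($header_input) . "', text='" . mysql_real_escape_string($text_input) . "' where id=" . $row_id . ";");
        if ($user_result2 === false) {
            error_log('article page: article update failed: ' . mysql_error());
            die('Ошибка базы данных');
        }
        // Keep the in-memory row in step with what was stored (raw, unescaped values).
        $row['header'] = $header_input;
        $row['text']   = $text_input;
        $echod_text = '<span id="action_message" class="accept">Изменения сохранены</span>';
    }
}

// Accept: moderators only, and not for a deleted article.
if (!empty($_POST['myAccept']) && $is_moderator && $row['deleted'] == 0) {
    $user_result2 = mysql_query("UPDATE articles SET accepted='1' where id=" . $row_id . ";");
    if ($user_result2 === false) {
        error_log('article page: article accept failed: ' . mysql_error());
        die('Ошибка базы данных');
    }
    $row['accepted'] = 1;
    $echod_text = '<span id="action_message" class="accept">Статья в общем доступе</span>';
}

// Delete: the author or a moderator. Previously any request carrying myDelete
// marked the article deleted, whoever sent it.
if (!empty($_POST['myDelete']) && ($is_owner || $is_moderator) && $row['deleted'] == 0) {
    $user_result2 = mysql_query("UPDATE articles SET deleted='1' where id=" . $row_id . ";");
    if ($user_result2 === false) {
        error_log('article page: article delete failed: ' . mysql_error());
        die('Ошибка базы данных');
    }
    $row['deleted'] = 1;
    $echod_text = '<span id="action_message" class="error">Статья удалена</span>';
}

// New comment: signed-in users only (role 0 is what the page treats as "not
// registered / not logged in").
if (!empty($_POST['new-comment']) && $cur_role != 0 && $cur_user !== null) {
    $comment_text = (isset($_POST['comment_text_input']) && is_string($_POST['comment_text_input'])) ? trim($_POST['comment_text_input']) : '';
    if ($comment_text) {
        $user_result2 = mysql_query("INSERT INTO comments (user, text, article) VALUES ((SELECT id FROM users WHERE name='" . mysql_real_escape_string((string) $cur_user) . "'), '" . mysql_real_escape_string($comment_text) . "', " . $row_id . ");");
        if ($user_result2 === false) {
            error_log('article page: comment insert failed: ' . mysql_error());
            die('Ошибка базы данных');
        }
        $echod_text = '<span id="action_message" class="accept">Комментарий добавлен</span>';
    }
    else {
        $echod_text = '<span id="action_message" class="error">Комментарий не должен быть пустым</span>';
    }
}

// Delete comment: moderators only, the id must be an integer, and the comment
// must belong to the article being viewed.
if (!empty($_POST['del-comment']) && $is_moderator) {
    $comment_id = filter_var($_POST['del-comment'], FILTER_VALIDATE_INT);
    if ($comment_id !== false) {
        $user_result2 = mysql_query("DELETE FROM comments WHERE id=" . $comment_id . " AND article=" . $row_id . ";");
        if ($user_result2 === false) {
            error_log('article page: comment delete failed: ' . mysql_error());
            die('Ошибка базы данных');
        }
        $echod_text = '<span id="action_message" class="error">Комментарий удален</span>';
    }
}

echo($echod_text);

?>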

<form method="post" id="form-id">
<?php
    // Fall back to the stored article for any edit field the request did not post.
    // NOTE(review): the included template presumably reads these $_POST entries for
    // its field values — confirm in showArticleBlanc.php, including how it escapes them.
    if (!isset($_POST['article_header_input'])) {
        $_POST['article_header_input'] = $row['header'];
    }
    if (!isset($_POST['article_text_input'])) {
        $_POST['article_text_input'] = $row['text'];
    }
    include("showArticleBlanc.php");

    // The conditions below only decide which buttons are rendered. They are not an
    // authorization check: a POST can carry mySubmit / myAccept / myDelete whether or
    // not the button was shown, so the request handler has to test the same conditions.

    // Save: the author, while the article is neither deleted nor accepted.
    if ($row['name'] === $_SESSION['cur_user'] && $row['deleted'] == 0 && $row['accepted'] == 0) {
        echo "<input type='submit' value='Сохранить' name='mySubmit'>";
    }

    // Accept: role 10 or higher, while the article is neither deleted nor accepted.
    if ($_SESSION['user_privileg_role'] >= 10 && $row['deleted'] == 0 && $row['accepted'] == 0) {
        echo "<input type='submit' value='Разрешить' name='myAccept'>";
    }

    // Delete: the author or role 10 or higher, while the article is not deleted.
    if (($row['name'] === $_SESSION['cur_user'] || $_SESSION['user_privileg_role'] >= 10) && $row['deleted'] == 0) {
        echo "<input type='submit' value='Удалить' name='myDelete'>";
    }
    ?>
    <br>
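<?php
    // Comment list for the article in $row.
    //
    // Role 0 gets a notice that commenting needs a login; otherwise the comments are
    // listed when the article is accepted and not deleted. Role 10 or higher also gets
    // a per-comment delete link that fills the hidden del-comment field and submits
    // the surrounding form.
    //
    // Author name, date and comment text are stored user input, so each is
    // HTML-escaped before it is written into the page (stored XSS otherwise).
    // NOTE(review): 'UTF-8' assumes the page and the database connection are UTF-8 —
    // confirm; with another charset htmlspecialchars() can return an empty string.
    $viewer_role = isset($_SESSION['user_privileg_role']) ? (int) $_SESSION['user_privileg_role'] : 0;

    if ($viewer_role == 0) {
        echo("<span class='error'>Вы не можете оставлять комментарии, пока не зарегистрируетесь, или не зайдете под воим именем</span>");
    }
    elseif ($row['deleted'] == 0 && $row['accepted'] == 1) {
        // The id comes from the article row; the cast keeps the query numeric whatever $row holds.
        $user_result3 = mysql_query("SELECT comments.id, users.name, comments.created, comments.text FROM comments, users WHERE comments.user =users.id AND comments.article=" . (int) $row['id'] . ";");
        if ($user_result3 === false) {
            // Log the detail, show a generic message: the raw error names tables and columns.
            error_log('article page: comment list failed: ' . mysql_error());
            die('Ошибка базы данных');
        }
        echo("<input id='del-comment' name='del-comment' type='hidden'/>");
        while ($row10 = mysql_fetch_array($user_result3)) {
            // Integer cast because the id is written into an inline JavaScript handler.
            $comment_id      = (int) $row10['id'];
            $comment_author  = htmlspecialchars($row10['name'], ENT_QUOTES, 'UTF-8');
            $comment_created = htmlspecialchars($row10['created'], ENT_QUOTES, 'UTF-8');
            $comment_body    = htmlspecialchars($row10['text'], ENT_QUOTES, 'UTF-8');
            ?>
            <div class="comment-block">
                <div class="wrapper">
                    <div class="comment-header">
                        <span class="comment-header-text"><?php echo($comment_author); ?></span>
                        <?php if ($viewer_role >= 10) echo("<a href='#' class='error' onclick=\"document.getElementById('del-comment').value=$comment_id; document.getElementById('form-id').submit(); return false;\"> (Удалить)</a>"); ?>
                        <span class="comment-header-date"><?php echo($comment_created); ?></span>
                    </div>
                    <div><?php echo($comment_body); ?></div>
                </div>
            </div>
            <?php
        }
    }
    ?>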

    <div id="input-comment-block" class="comment-block">
        <div class="wrapper">
            <span class="comment-header-text">Ваш комментарий:</span><br>
            <textarea name="comment_text_input"></textarea>
            <input id="new-comment" name="new-comment" type="hidden"/>
            <a href="#"
               onclick="document.getElementById('new-comment').value='new-comment'; document.getElementById('form-id').submit(); return false;"
               class="comment-header-text">Прокомментировать</a>
        </div>
    </div>
</form>